Importing JSON – ABANDONED – HTTP 203

Updated : Nov 07, 2019 in Articles

Importing JSON – ABANDONED – HTTP 203


  • So Surma was talking about how WASM did not have context to the current page but might in the future. Currently i’m running “untrusted” WASM directly on the page, since i don’t give the WASM instance any context about it. But now with possible changes in the future, would it be wise to run these untrusted WASM in an iframe? (And communicate through postMessage for context to control the data)

  • So random idea that probably won't go anywhere because I haven't been following this or thought this through but what about the backtick string syntax?
    Ex. "import json`foo.json`"
    This can maybe open up possibilities for arbitrary filetype importers and parsers?

  • import something from './something.json' as 'json';
    NO. It looks ugly and vague extension to import statements.
    import something from 'import*json etcetc' still better.

  • I think non-javascript imports are weird… Sure, they make some sense on the Web, but what about the gereral-purpose side of JS? Also, why not just use (await fetch( …)).json() ? I think it doesn't make sense to mix importing scripts with parsing data, like Node.js does.

  • I absolutely do not like the idea of external imports. The only import im down for is local javascript modules. The rest are unnecessary..

  • Shoving the type into the URI string looks awkward as hell to me. I much prefer the "as 'json'" syntax, with a second optional parameter for dynamic imports that works the same way: import data from './source.json' as 'json' | const data = await import('./source.json', 'json')

    And if we have the system assume everything is JS unless otherwise specified in this way, it will force devs to specify their other types which prevents changes in the future from running malicious code.

  • I don't see how allowing JSON import is an additional security concern. You already have to trust the remote server when you import anything. An import of "" might actually give you an evil, or just broken script, or not JavaScript at all.

Leave a Reply

Your email address will not be published. Required fields are marked *